1279 matches found

Github Security Blog
added 2023/08/09 2:37 p.m. | 45 views

PrestaShop XSS injection through Validate::isCleanHTML method

Impact: XSS injection through isCleanHTML method. Patches: 1.7.8.10, 8.0.5, 8.1.1. Found by: Aleksey Solovev (Positive Technologies). Workarounds References...

CVSS 8.3 | AI score 7.4 | EPSS 0.00445
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2023/08/09 2:37 p.m. | 24 views

GHSA-XW2R-F8XV-C8XP PrestaShop XSS injection through Validate::isCleanHTML method

Impact: XSS injection through isCleanHTML method. Patches: 1.7.8.10, 8.0.5, 8.1.1. Found by: Aleksey Solovev (Positive Technologies). Workarounds References...

CVSS 8.3 | AI score 7.1 | EPSS 0.00445
Exploits: 0 | References: 4
Vulnrichment
added 2023/08/07 8:32 p.m. | 14 views

CVE-2023-39527 PrestaShop XSS vulnerability through Validate::isCleanHTML method

PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to cross-site scripting through the isCleanHTML method. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds...

CVSS 8.3 | AI score 6.1 | EPSS 0.00445
Exploits: 0 | References: 2
Cvelist
added 2023/08/07 8:32 p.m. | 23 views

CVE-2023-39527 PrestaShop XSS vulnerability through Validate::isCleanHTML method

PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to cross-site scripting through the isCleanHTML method. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds...

CVSS 8.3 | AI score 8.1 | EPSS 0.00445
Exploits: 0 | References: 2
FreeBSD
added 2023/08/07 12:0 a.m. | 25 views

krb5 -- Double-free in KDC TGS processing

The MIT krb5 Team reports: When issuing a ticket for a TGS renew or validate request, copy only the server field from the outer part of the header ticket to the new ticket. Copying the whole structure causes the enc_part pointer to be aliased to the header ticket until krb5_encrypt_tkt_part() is called...

CVSS 8.8 | AI score 7.4 | EPSS 0.01229
Exploits: 0 | References: 1
Code423n4
added 2023/08/04 12:0 a.m. | 7 views

ConvexTriCryptoStrategy might not compound all rewards

Lines of code. Vulnerability details. Impact: When compounding in ConvexTriCryptoStrategy, the number of tokens that is swapped into wETH does not account for extraRewards and tokenRewards. This can cause a loss of yield and rewards to be lost. Proof of Concept: In ConvexTriCryptoStrategy.executeClai...

AI score 6.7
Exploits: 0
BDU FSTEC
added 2023/07/25 12:0 a.m. | 5 views

The vulnerability of the validate_path_is_safe() function in the machine learning lifecycle management platform allows an attacker to disclose sensitive information or execute arbitrary files.

The vulnerability of the validate_path_is_safe() function in the machine learning model lifecycle management platform exists due to an incorrect restriction on the path name to the restricted-access directory. Exploiting this vulnerability could allow a malicious actor to disclose sensitive informatio...

CVSS 10 | AI score 7.7 | EPSS 0.70736
Exploits: 1 | References: 7 | Affected Software: 1
OSV
added 2023/07/19 9:30 p.m. | 24 views

GHSA-G4WG-CFPF-9689 keylime fails to flag device as untrusted when signature does not validate

A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted...

CVSS 4.6 | AI score 3.2 | EPSS 0.00203
Exploits: 0 | References: 7
Cvelist
added 2023/07/19 6:25 p.m. | 26 views

CVE-2023-3674 Keylime: attestation failure when the quote's signature does not validate

A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted...

CVSS 2.3 | AI score 3.8 | EPSS 0.00203
Exploits: 0 | References: 4
Prion
added 2023/07/17 4:15 p.m. | 15 views

Default credentials

Mattermost WelcomeBot plugin fails to validate the membership status when inviting or adding users to channels, allowing guest accounts to be added or invited to channels by default...

CVSS 3.5 | AI score 4.2 | EPSS 0.00254
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2023/07/01 12:0 a.m. | 4 views

WordPress Plugin Remove Schema Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

CVSS 4.3 | AI score 5 | EPSS 0.0033
Exploits: 0 | References: 11
Positive Technologies
added 2023/07/01 12:0 a.m. | 3 views

PT-2023-12515 · WordPress · Remove Schema Plugin

Name of the Vulnerable Software and Affected Versions: Remove Schema plugin for WordPress versions up to, and including, 1.5 Description: The issue is due to missing or incorrect nonce validation on the validate function, making it possible for unauthenticated attackers to modify the plugin's...

CVSS 4.3 | AI score 4.5 | EPSS 0.0033
Exploits: 0 | References: 12
OSV
added 2023/06/16 10:15 a.m. | 9 views

CVE-2023-2793

Mattermost fails to validate links on external websites when constructing a preview for a linked website, allowing an attacker to cause a denial-of-service by linking to a specially crafted webpage in a message...

CVSS 6.5 | AI score 7
Exploits: 0 | References: 1
RedhatCVE
added 2023/06/08 11:5 a.m. | 42 views

CVE-2023-31670

An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 allows attackers to cause a Denial of Service (DoS) via running a crafted binary...

CVSS 7.5 | AI score 6.7 | EPSS 0.00833
Exploits: 1 | References: 3
Veracode
added 2023/06/07 2:49 a.m. | 19 views

Signature Verification Bypass

github.com/moov-io/signedxml is vulnerable to Signature Verification Bypass. The vulnerability exists because parsing the raw XML as received can result in different output than parsing the canonicalized XML in the Validate function of validator.go, which allows an attacker to bypass signature...

CVSS 9.1 | AI score 6.9 | EPSS 0.00389
Exploits: 0 | References: 3 | Affected Software: 1
Prion
added 2023/06/01 5:15 p.m. | 19 views

Design/Logic Flaw

Kyverno is a policy engine designed for Kubernetes. In versions of Kyverno prior to 1.10.0, resources which have the deletionTimestamp field defined can bypass validate, generate, or mutate-existing policies, even in cases where the validationFailureAction field is set to Enforce. This situation...

CVSS 4 | AI score 6.4 | EPSS 0.00497
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added 2023/05/23 1:15 a.m. | 17 views

CVE-2023-31670

An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 allows attackers to cause a Denial of Service (DoS) via running a crafted binary...

CVSS 7.5 | AI score 7.4 | EPSS 0.00833
Exploits: 1 | References: 1
Prion
added 2023/05/23 1:15 a.m. | 18 views

Code injection

An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 allows attackers to cause a Denial of Service (DoS) via running a crafted binary...

CVSS 5 | AI score 7.3 | EPSS 0.00833
Exploits: 1 | References: 1 | Affected Software: 1
OSV
added 2023/05/23 1:15 a.m. | 3 views

UBUNTU-CVE-2023-31670

An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 allows attackers to cause a Denial of Service (DoS) via running a crafted binary...

CVSS 7.5 | AI score 7.3 | EPSS 0.00833
Exploits: 1 | References: 3
UbuntuCve
added 2023/05/23 12:0 a.m. | 22 views

CVE-2023-31670

An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 allows attackers to cause a Denial of Service (DoS) via running a crafted binary...

CVSS 7.5 | AI score 7.1 | EPSS 0.00833
Exploits: 1 | References: 3